Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 383073 (CVE-2011-3363) - Kernel: cifs/connect.c DoS (CVE-2011-3363)
Summary: Kernel: cifs/connect.c DoS (CVE-2011-3363)
Alias: CVE-2011-3363
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
Depends on:
Reported: 2011-09-15 11:26 UTC by Agostino Sarubbo
Modified: 2018-04-04 17:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-09-15 11:26:53 UTC
From secunia security advisor at $URL:

The vulnerability is caused due to an error when mounting CIFS shares with certain DFS referrals, which can be exploited to trigger a "BUG_ON()" in a client by tricking the victim into mounting from a malicious server.

Solution: (patch)
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-06-02 14:20:24 UTC
CVE-2011-3363 (
  The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before
  2.6.39 does not properly handle DFS referrals, which allows remote CIFS
  servers to cause a denial of service (system crash) by placing a referral at
  the root of a share.
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-04 17:36:11 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.